This invention relates to Microsoft® Windows® operating system file authentication. More specifically, it relates to a method of authenticating the security and integrity of files in any operating system utilizing the Microsoft® Windows® registry by altering the way in which said operating system executes application programs. Alteration is accomplished by modifying the Windows® registry.
Microsoft® Windows® is a computer operating system that allows a user to execute application programs as well as perform many other functions, such as authenticating the identity of the user, executing an application or logging the identity of a user who has accessed or modified data files.
The Windows® operating system must know what type of application to execute for each type of data file or application. The database specifying which data file type is paired with which application is called the Windows® registry. Information is stored in the registry in a tree structure, so that the operating system can easily find information related to a particular kind of file, and each such file is referred to as a class of file. Each actual piece of information is stored in an information structure called a key.
A computer virus is a small computer program that, when executed, performs actions which can be malicious, such as deleting files or causing excessive network traffic. These virus programs are written so that they can place themselves into other programs or data files and, when placed on another computer and executed, infect the new computer with the virus, perform actions, and continue to replicate from there.
The term authentication, as it is being used in the present invention, means that a file must be authenticated as being suitable to execute on a computer system before it is executed. Virus detection applications are a classic type of authentication application, but other types of authentication may include verifying the name and password of a user before the application is executed in order to enhance system security, file change detection, license auditing, activity logging, or version checking, and the like. Virus detection applications perform their actions by identifying the characteristics of viruses within application and data files and removing the virus before execution, ignoring the infection, isolating the infected file, or denying access to the file pending action from the user. The action to take in the event of virus infection is user defined.
Current methods of virus detection generally occur in one or both of the following manners. According to one method, the user schedules for automatic execution or directly executes the virus detection application (FIG. 4, 41), which scans all memory and files on a computer hard drive to detect the characteristics of known viruses (FIG. 4, 42). If a file passes the authentication process, the file is uninfected (FIG. 4, 43), and the detection application goes on to the next file (FIG. 4, 45). If the file does not pass authentication (FIG. 4, 43), the detection application performs user-defined procedures to isolate or fix the unauthenticated files (FIG. 4, 44). A second method of virus detection employs an application program which runs simultaneously with the running of the operating system, that is, they run together. In this system, when the user executes an application (FIG. 5, 51), the detection software intercepts the execution and attempts to authenticate the application (FIG. 5, 52). If the application is properly authenticated (FIG. 5, 53), the execution is allowed to proceed normally (FIG. 5, 55). If the application does not pass authentication (FIG. 5, 53), then user-defined actions are performed on the application, such as not allowing the application to be executed (FIG. 5, 54).
The first method of virus authentication is lacking because it requires a computer user to regularly execute the detection software. The second method is equally unapt because it requires an authentication application to be executing at all times, consuming computing resources even when not needed and potentially interfering with system performance.
The present invention overcomes the above noted limitations by altering the method in which Windows® executes application programs, causing an authentication application to perform user defined actions to verify the integrity of the application program files before application program execution can progress, acting without intervention from the user, and terminating once authentication has occurred, thus releasing computing resources back to the operating system.
The present invention is known as a Computer Authentication System, CASA, and has two primary aspects: 1) the manner in which the Microsoft® Windows® registry is modified, and 2) the method by which the changes to the Windows® registry dispatch the executed file information to one or more authentication functions. The present invention includes a standard interface, called an Application Programming Interface, API, for specifying the authentication functions which are to be performed and executed on a single, stand-alone computer in real time or from a connected remote computer system across a network. Authentication functions can include, but are not limited to, virus scanning functions such as those disclosed in Cozza 815 and Dotan 517.
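The pairing of file classes with applications described above can be audited from a registry export. The following is an added example, not part of this specification: it parses constructed `.reg` text and reports, for each executable file extension, which command the registry would launch and whether a program has been interposed ahead of the file itself. The `shell\open\command` key path and the stock `"%1" %*` handler are standard Windows conventions not named in this text, and the `ExampleAuth\auth.exe` path is hypothetical.

```python
import re

# Constructed sample in .reg export syntax (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Program Files\\ExampleAuth\\auth.exe\" \"%1\" %*"
[HKEY_CLASSES_ROOT\.com]
@="comfile"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.txt]
@="txtfile"
[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="C:\\Windows\\system32\\notepad.exe %1"
'''

ROOT = "hkey_classes_root"
PASS_THROUGH = '"%1" %*'  # stock handler for executable classes: run the file itself
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd"}

def parse_defaults(text):
    """Return {lower-cased key path: default value} from .reg export text."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # Undo the \" and \\ escapes used inside .reg string values.
            defaults[key] = re.sub(r'\\(.)', r'\1', line[3:-1])
    return defaults

def audit_handlers(text):
    """Map each executable extension to (class, command, interposed?)."""
    d = parse_defaults(text)
    report = {}
    for ext in sorted(EXECUTABLE_EXTS):
        cls = d.get(f"{ROOT}\\{ext}")          # extension -> class of file
        if cls is None:
            continue
        cmd = d.get(f"{ROOT}\\{cls.lower()}\\shell\\open\\command")
        report[ext] = (cls, cmd, cmd is not None and cmd.strip() != PASS_THROUGH)
    return report

if __name__ == "__main__":
    for ext, (cls, cmd, changed) in audit_handlers(SAMPLE_REG).items():
        print(f"{ext:5} {cls:8} {'INTERPOSED' if changed else 'stock':10} {cmd}")
```

Because any program named in such a handler runs before every application of that class, a handler that differs from the stock value should trace back to a known, intended authentication tool.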
The main aspect of the present invention is to minimize computer resource usage by executing authentication functions only when a user starts to execute an application program.
Other aspects of this invention will appear from the following description and appended claims, reference being made to the accompanying drawings which form a part of this specification and wherein the referenced characters correspond to the like-referenced characters in the specification.